computer running extremely slowly [Closed]


  • This topic is locked

#1
peejaygee1

  • Member
  • 27 posts
OTL logfile created on: 08/12/2013 19:41:05 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sarah_000\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.89 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 29.04% Memory free
7.89 Gb Paging File | 3.10 Gb Available in Paging File | 39.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678.57 Gb Total Space | 430.54 Gb Free Space | 63.45% Space Free | Partition Type: NTFS
Drive D: | 19.30 Gb Total Space | 2.42 Gb Free Space | 12.52% Space Free | Partition Type: NTFS

Computer Name: SARAH | User Name: paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/11/19 04:26:22 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/11/18 14:32:40 | 003,780,064 | ---- | M] () -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
PRC - [2013/11/17 11:58:20 | 000,021,024 | ---- | M] (Smartbar) -- C:\Users\paul\AppData\Local\Smartbar\Application\SnapDo.exe
PRC - [2013/11/16 18:04:47 | 001,210,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\setup.exe
PRC - [2013/11/15 20:11:52 | 000,904,272 | ---- | M] (BitTorrent Inc.) -- C:\Users\sarah_000\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/11/15 08:10:17 | 002,894,144 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
PRC - [2013/11/13 16:43:45 | 000,194,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
PRC - [2013/11/08 15:29:27 | 000,066,336 | ---- | M] () -- C:\Program Files (x86)\qualitink\updatequalitink.exe
PRC - [2013/11/08 14:56:04 | 000,066,336 | ---- | M] () -- C:\Program Files (x86)\qualitink\bin\utilqualitink.exe
PRC - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/10/17 15:04:30 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/10/16 14:38:14 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2013/10/16 14:38:14 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2013/10/08 19:20:19 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/10/04 21:33:20 | 000,065,304 | ---- | M] (Whilokii) -- C:\Program Files (x86)\Whilokii\updateWhilokii.exe
PRC - [2013/10/04 21:00:10 | 000,065,304 | ---- | M] (Whilokii) -- C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
PRC - [2013/09/22 17:22:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sarah_000\Downloads\OTL (1).exe
PRC - [2013/08/16 06:30:52 | 000,411,952 | ---- | M] () -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe
PRC - [2013/06/29 09:49:28 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/06 22:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 22:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/09/07 16:33:08 | 000,581,024 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/09/07 16:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/07/27 17:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/07/26 03:20:55 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2012/07/18 01:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 01:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 01:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/07/18 01:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/08 03:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/03/28 17:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/08/26 13:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/19 04:26:22 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/11/18 14:32:40 | 003,780,064 | ---- | M] () -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
MOD - [2013/11/18 14:31:07 | 003,618,304 | ---- | M] () -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
MOD - [2013/11/17 11:58:40 | 000,031,264 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\srut.dll
MOD - [2013/11/17 11:58:38 | 000,020,512 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\srsbs.dll
MOD - [2013/11/17 11:58:36 | 000,248,352 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\srns.dll
MOD - [2013/11/17 11:58:36 | 000,014,368 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\srpdm.dll
MOD - [2013/11/17 11:58:34 | 000,063,008 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\srau.dll
MOD - [2013/11/17 11:58:32 | 000,048,672 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\sppsm.dll
MOD - [2013/11/17 11:58:30 | 000,055,840 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\spbl.dll
MOD - [2013/11/17 11:58:28 | 000,053,280 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013/11/17 11:58:28 | 000,025,632 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013/11/17 11:58:26 | 000,150,560 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013/11/17 11:58:26 | 000,112,672 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013/11/17 11:58:26 | 000,017,440 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013/11/17 11:58:24 | 000,057,376 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013/11/17 11:58:22 | 002,017,824 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013/11/17 11:58:22 | 000,034,848 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013/11/17 11:58:22 | 000,014,368 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013/11/17 11:58:20 | 000,728,096 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013/11/17 11:58:20 | 000,081,952 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013/11/17 11:58:18 | 000,013,344 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\siem.dll
MOD - [2013/11/17 11:58:16 | 000,014,368 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\sgml.dll
MOD - [2013/11/17 11:58:12 | 000,048,160 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013/11/17 11:02:02 | 000,193,056 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\sgmu.dll
MOD - [2013/11/17 11:01:04 | 000,068,640 | ---- | M] () -- C:\Users\paul\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
MOD - [2013/11/14 20:05:08 | 001,127,152 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/11/13 16:41:40 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013/11/13 16:41:40 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013/10/29 18:42:28 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d438e7ec4899763070e7b5db3f166373\System.ServiceModel.Internals.ni.dll
MOD - [2013/10/29 18:42:06 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3df2fdd27a3e685ce5dda8bce4956e5b\SMDiagnostics.ni.dll
MOD - [2013/10/25 20:11:46 | 000,911,872 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2013/10/25 20:11:39 | 000,146,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013/10/13 10:26:53 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d4edcacb877df7e257f1459985e0b886\System.Configuration.ni.dll
MOD - [2013/10/12 15:57:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\53c49b1cfdb85cf6784c7dcc8cdbd56d\System.Windows.Forms.ni.dll
MOD - [2013/10/12 15:57:03 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e6606a84f8a4cdc18c74e63ec807c689\System.Windows.Forms.ni.dll
MOD - [2013/10/12 15:56:52 | 019,537,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\6b40a60180e23feff705e28e351e10e1\System.ServiceModel.ni.dll
MOD - [2013/10/12 15:56:36 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\e1c6945213ca43ec9769fe95576962ce\System.Runtime.Serialization.ni.dll
MOD - [2013/10/12 15:56:28 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\7ca77eb7aa8b12aeb6717d4c727f9035\System.Configuration.Install.ni.dll
MOD - [2013/10/12 15:56:27 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c508451271803f1677317735db499f5c\System.Configuration.ni.dll
MOD - [2013/10/12 15:56:21 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3e52c3479469fe72eed0716b48859e91\WindowsBase.ni.dll
MOD - [2013/10/12 15:56:14 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\79e8b7b183668471ab364d4132fb8018\System.Core.ni.dll
MOD - [2013/10/08 19:20:19 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/09/14 19:32:32 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\66408ec86b705cd9f9aab66e84bb7fd5\System.Web.Services.ni.dll
MOD - [2013/09/14 19:31:55 | 011,920,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\538224ffef6d0b8691f397688ec6a48d\System.Web.ni.dll
MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/15 18:04:08 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\624ad6159b6e241ad6d28bf4dca9f14b\System.Xml.ni.dll
MOD - [2013/08/15 18:04:02 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\123cf617d7b6b31c44e39f8594f064c5\System.Xaml.ni.dll
MOD - [2013/08/15 18:03:28 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3603744988436295da5d16e76038e484\System.Drawing.ni.dll
MOD - [2013/08/15 18:03:14 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\972bf4ffab06e561447d12baf3b3dfa9\PresentationFramework.ni.dll
MOD - [2013/08/15 18:02:59 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5b504b7cd800dcd6c06d841d94ca099a\PresentationCore.ni.dll
MOD - [2013/08/15 18:02:17 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\375a937eec7d6faa53ac11ab2973eb76\System.ni.dll
MOD - [2013/08/15 12:25:44 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3866f7a0829a76e958174f2d89bae9a8\System.Management.ni.dll
MOD - [2013/08/15 12:24:54 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8fe60cfe4f5cb2cb30de3b640e9f94fb\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 12:24:53 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\cf49a998b717bce1bce9a417376fd6ab\System.Transactions.ni.dll
MOD - [2013/08/15 10:25:25 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fc5d4ada42ed8e9a30b64912f5dc9767\System.Xml.ni.dll
MOD - [2013/08/15 10:25:14 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e4447d26cd9083018bd28ddd60a0248\System.Drawing.ni.dll
MOD - [2013/08/15 10:25:13 | 006,657,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee29e78167d8c1de224ff178d6c9d544\System.Data.ni.dll
MOD - [2013/08/15 10:24:36 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1b46657236c1f942f9dbaf6aac73bb49\System.ni.dll
MOD - [2013/07/14 09:54:42 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\aa8342f91aba9ea9e511e9954307ab45\CustomMarshalers.ni.dll
MOD - [2013/07/12 19:37:09 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\d1ce70bf6cbab6ab838cbd8b50e902c1\mscorlib.ni.dll
MOD - [2013/07/12 13:17:39 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5e3a9f3d64adfb3c69b49d37368bf454\mscorlib.ni.dll
MOD - [2013/03/27 16:04:54 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/07/26 23:08:38 | 002,972,672 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/07/26 23:08:38 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/07/26 23:08:38 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/08/16 05:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/02 00:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/29 09:49:28 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV:64bit: - [2013/06/24 22:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 09:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 06:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 06:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 04:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/06 22:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/03/02 02:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 02:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 23:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 23:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 06:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/08/10 14:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/07/26 03:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/26 03:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 03:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 03:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 03:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 03:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 03:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 03:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 03:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 03:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 03:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/07/22 07:30:36 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/04/20 13:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2013/11/19 04:26:22 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/18 14:32:40 | 003,780,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -- (BitGuard)
SRV - [2013/11/15 08:10:17 | 002,894,144 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013/11/08 15:29:27 | 000,066,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\qualitink\updatequalitink.exe -- (Update qualitink)
SRV - [2013/11/08 14:56:04 | 000,066,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\qualitink\bin\utilqualitink.exe -- (Util qualitink)
SRV - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/10/08 19:20:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/04 21:33:20 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files (x86)\Whilokii\updateWhilokii.exe -- (Update Whilokii)
SRV - [2013/10/04 21:00:10 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe -- (Util Whilokii)
SRV - [2013/09/19 22:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/08/16 06:30:52 | 000,411,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe -- (PCSUService)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/07 16:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/08/10 16:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/08 11:09:02 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/26 03:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 03:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/26 03:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/26 03:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/18 01:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 01:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 01:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/07/18 01:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/14 16:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/17 15:05:02 | 000,275,056 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\RapportHades64.sys -- (RapportHades64)
DRV:64bit: - [2013/10/17 15:05:00 | 000,317,808 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/10/10 11:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/08/20 06:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 06:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/08/16 05:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 06:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 08:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/02 01:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/07/02 01:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/02 01:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/02 00:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 22:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 06:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 03:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/26 17:31:41 | 000,495,856 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/05/26 17:31:39 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/05/04 07:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/15 06:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/06 22:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/06 22:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/06 22:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/06 22:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/06 22:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/06 22:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/06 22:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/06 22:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/03/02 10:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 10:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/10 01:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/27 03:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 04:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 03:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 08:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 07:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 07:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 07:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/31 08:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/24 09:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/10 14:24:28 | 000,042,400 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/08/10 14:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/08 05:17:54 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/07/31 19:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/31 08:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/26 05:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 05:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 05:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 05:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 05:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 05:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 05:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 05:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 05:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 05:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 05:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 05:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 05:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 05:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 05:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 05:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 05:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 04:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 04:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 03:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 02:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 02:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 02:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 02:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 02:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 02:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 02:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 02:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 02:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 02:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 02:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 02:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 02:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 02:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 02:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 02:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 02:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 02:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 02:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 02:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 02:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 22:53:22 | 011,926,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/22 07:30:36 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/07/04 13:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/07/02 23:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/29 02:00:48 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/25 09:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 15:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/02 14:31:47 | 011,400,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNe64.sys -- (NETwNe64)
DRV - [2013/11/14 20:05:07 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/17 15:05:02 | 000,284,176 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2013/10/17 15:05:00 | 000,399,312 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT13/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{A8FBBD84-5331-42A3-B73E-01280FA29F33}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=25/10/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol...125035&tsp=5024
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=25/10/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=25/10/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=25/10/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=25/10/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=25/10/2013
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=25/10/2013
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..CT3287810.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.11 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: firefox%40whilokii.net:1.0.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40iminent.com:1.6.0
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:7.48.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://feed.snapdo.c...=25/10/2013&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DEDAF650-12B8-48f5-A843-BBA100716106}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/18 08:33:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/03/18 22:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\Extensions
[2013/11/27 20:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions
[2013/11/22 21:21:39 | 000,000,000 | ---D | M] (VisualBee V.11) -- C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\{7093ee04-f2e4-4637-a667-0f730797b3a0}
[2013/10/27 08:54:41 | 000,000,000 | ---D | M] (Iminent Toolbar) -- C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]
[2013/10/03 20:25:02 | 000,000,000 | ---D | M] (SearchGol) -- C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]
[2013/11/27 20:59:00 | 000,000,000 | ---D | M] (Iminent) -- C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]
[2013/09/26 20:44:48 | 000,007,535 | ---- | M] () (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\extensions\[email protected]
[2013/08/08 12:07:04 | 000,249,988 | ---- | M] () (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\extensions\[email protected]
[2013/10/08 20:56:27 | 000,013,228 | ---- | M] () (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\extensions\[email protected]
[2013/06/30 12:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\extensions\[email protected]
[2013/11/27 20:46:20 | 000,625,665 | ---- | M] () (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\extensions\[email protected]
[2013/12/03 20:57:14 | 000,002,435 | ---- | M] () -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\searchplugins\Web Search.xml
[2013/09/22 14:55:42 | 000,000,921 | ---- | M] () -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\searchplugins\yahoo.xml
[2013/10/01 06:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/10/01 06:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/19 04:26:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/01/10 15:08:36 | 000,002,147 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\StartWeb.xml

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.snapdo.c...Date=25/10/2013
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://feed.snapdo.c...Date=25/10/2013
CHR - plugin: First user (Disabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Snap.Do = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Google Docs = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Torntv 3 = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj\3.0_0\
CHR - Extension: YouTube = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Whilokii = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmdlmoekcipeicfbnohedgkglmbhcla\1.0.0_0\
CHR - Extension: avast! WebRep = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Iminent = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.43.4.1_0\
CHR - Extension: Iminent = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\
CHR - Extension: qualitink = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf\1.0.0_0\
CHR - Extension: Google Wallet = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: GoPhoto.it = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.6_0\
CHR - Extension: Gmail = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Iminent Chrome Toolbar = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_1\

O1 HOSTS File: ([2012/07/26 05:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (iminent Helper Object) - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\bh\iminent.dll (Iminent)
O2 - BHO: (Whilokii) - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\WhilokiiBHO.dll (Whilokii)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (qualitink) - {73ad5d47-66e5-4127-80ca-c0eedabafbcc} - C:\Program Files (x86)\qualitink\qualitinkBHO.dll (qualitink)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (searchgol Helper Object) - {8F547BDD-FCD4-48F8-A06F-573D6F404A3C} - C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll (Montera Technologeis LTD)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (SIEN)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (searchgol Toolbar) - {00078E95-3A4A-4137-8DE7-2824908D1C17} - C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Iminent Toolbar) - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminentTlbr.dll (Iminent)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\55e9baf9-745b-4f82-969e-a6a46b01753d.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\paul\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKCU..\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (BrowserSafeguard)
O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe ()
O4 - HKCU..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband File not found
O4 - HKCU..\Run: [uTorrent] C:\Users\paul\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKCU..\RunOnce: [Application Restart #2] C:\Users\paul\AppData\Local\Pokki\Engine\pokki.exe (Pokki)
O4 - Startup: C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O4 - Startup: C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A6F4C74-43A9-4F5A-BAB0-9A2EEB32D75D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C76B6B6B-6D91-4D3F-9D4F-81AC8FCCABFF}: DhcpNameServer = 40.21.1.201 40.21.1.202
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll) - c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll ()
O20:64bit: - AppInit_DLLs: (c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll) - c:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll ()
O20 - AppInit_DLLs: (c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll) - c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/28 19:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/27 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Apple Computer
[2013/11/27 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\Apple Computer
[2013/11/27 21:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/27 20:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/27 20:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/27 20:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/11/27 20:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/11/27 20:54:28 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\Apple
[2013/11/27 20:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/11/27 20:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/11/27 20:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/11/16 07:51:58 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\avgchrome
[2013/11/13 18:59:36 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\dvdcss

========== Files - Modified Within 30 Days ==========

[2013/12/08 19:20:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/08 19:14:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/08 18:24:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/08 18:23:24 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\Torntv 2-codedownloader.job
[2013/12/08 18:10:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/08 10:58:03 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\PC SpeedUp Service Deactivator.job
[2013/12/07 11:12:06 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/06 22:47:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForpaul.job
[2013/11/28 17:27:57 | 000,941,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/28 17:27:57 | 000,788,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/28 17:27:57 | 000,162,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/27 21:01:06 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/20 17:11:58 | 000,002,334 | ---- | M] () -- C:\Users\paul\Desktop\Search.lnk
[2013/11/20 17:02:22 | 000,436,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/20 17:02:11 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/11/20 17:02:08 | 3345,604,608 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/16 07:34:29 | 575,919,567 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2013/12/02 22:48:18 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForpaul.job
[2013/11/27 21:01:06 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/27 20:53:44 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/11/20 17:11:58 | 000,002,396 | ---- | C] () -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013/11/20 17:11:58 | 000,002,334 | ---- | C] () -- C:\Users\paul\Desktop\Search.lnk
[2013/11/20 17:08:53 | 000,001,164 | ---- | C] () -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/20 17:02:12 | 000,436,744 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 17:01:38 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/07/10 11:10:37 | 000,000,258 | RHS- | C] () -- C:\Users\paul\ntuser.pol
[2012/08/08 05:18:02 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/08/08 05:17:52 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/08 05:17:50 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/08/03 22:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 08:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 08:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 07:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 01:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 20:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 20:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 20:22:56 | 000,733,840 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/07/25 20:22:56 | 000,492,340 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/07/25 20:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 20:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 20:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/02 14:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/08/24 16:52:35 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 06:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 05:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 03:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 03:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 03:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/03 20:24:44 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\0D0S1L2Z1P1B
[2013/10/27 08:54:32 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Iminent
[2013/09/23 21:16:35 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Nico Mak Computing
[2013/10/03 20:25:00 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\searchgol
[2013/03/18 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Synaptics
[2013/12/08 13:28:40 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\uTorrent
[2013/03/27 13:26:06 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >

#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello peejaygee1,

Bit to do in this post. :)

Now

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

    :OTL
    PRC - [2013/11/08 15:29:27 | 000,066,336 | ---- | M] () -- C:\Program Files (x86)\qualitink\updatequalitink.exe
    PRC - [2013/11/08 14:56:04 | 000,066,336 | ---- | M] () -- C:\Program Files (x86)\qualitink\bin\utilqualitink.exe
    PRC - [2013/10/16 14:38:14 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
    PRC - [2013/10/16 14:38:14 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
    PRC - [2013/10/04 21:33:20 | 000,065,304 | ---- | M] (Whilokii) -- C:\Program Files (x86)\Whilokii\updateWhilokii.exe
    PRC - [2013/10/04 21:00:10 | 000,065,304 | ---- | M] (Whilokii) -- C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
    PRC - [2013/08/16 06:30:52 | 000,411,952 | ---- | M] () -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=25/10/2013
    IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol...125035&tsp=5024
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=25/10/2013
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=25/10/2013
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=25/10/2013
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=25/10/2013
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=25/10/2013
    IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=25/10/2013
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
    IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent...q={searchTerms}
    FF - prefs.js..CT3287810.browser.search.defaultthis.engineName: "true"
    FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.11 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
    FF - prefs.js..extensions.enabledAddons: firefox%40whilokii.net:1.0.0
    FF - prefs.js..extensions.enabledAddons: ffxtlbr%40iminent.com:1.6.0
    FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:7.48.1.1
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
    FF - prefs.js..keyword.URL: "http://feed.snapdo.c...=25/10/2013&q="
    [2013/10/03 20:25:02 | 000,000,000 | ---D | M] (SearchGol) -- C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]
    [2013/11/27 20:59:00 | 000,000,000 | ---D | M] (Iminent) -- C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]
    [2013/09/26 20:44:48 | 000,007,535 | ---- | M] () (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\extensions\[email protected]
    [2013/11/27 20:46:20 | 000,625,665 | ---- | M] () (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\extensions\[email protected]
    [2013/12/03 20:57:14 | 000,002,435 | ---- | M] () -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\searchplugins\Web Search.xml
    [2013/09/22 14:55:42 | 000,000,921 | ---- | M] () -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\searchplugins\yahoo.xml
    O2 - BHO: (iminent Helper Object) - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\bh\iminent.dll (Iminent)
    O2 - BHO: (Whilokii) - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\WhilokiiBHO.dll (Whilokii)
    O2 - BHO: (qualitink) - {73ad5d47-66e5-4127-80ca-c0eedabafbcc} - C:\Program Files (x86)\qualitink\qualitinkBHO.dll (qualitink)
    O2 - BHO: (searchgol Helper Object) - {8F547BDD-FCD4-48F8-A06F-573D6F404A3C} - C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll (Montera Technologeis LTD)
    O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (SIEN)
    O3 - HKLM\..\Toolbar: (searchgol Toolbar) - {00078E95-3A4A-4137-8DE7-2824908D1C17} - C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll (Montera Technologeis LTD)
    O3 - HKLM\..\Toolbar: (Iminent Toolbar) - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminentTlbr.dll (Iminent)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKCU..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband File not found
    O4 - HKCU..\RunOnce: [Application Restart #2] C:\Users\paul\AppData\Local\Pokki\Engine\pokki.exe (Pokki)
    O20:64bit: - AppInit_DLLs: (c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll) - c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll ()
    O20 - AppInit_DLLs: (c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll) - c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll ()

    :Files
    C:\Program Files (x86)\qualitink
    C:\Program Files (x86)\Iminent
    C:\Program Files (x86)\Whilokii
    C:\Program Files (x86)\PC Speed Up

    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

Next

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Finally in this post

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

So when you return please post
  • OTL.txt
  • JRT.txt
  • FRST.txt
  • Addition.txt

#3
peejaygee1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
All processes killed
========== OTL ==========
Process updatequalitink.exe killed successfully!
Process utilqualitink.exe killed successfully!
No active process named Iminent.exe was found!
No active process named Iminent.Messengers.exe was found!
Process updateWhilokii.exe killed successfully!
Process utilWhilokii.exe killed successfully!
Process PCSUService.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Prefs.js: "true" removed from CT3287810.browser.search.defaultthis.engineName
Prefs.js: "VisualBee V.11 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "chr-greentree_ff&ilc=12&type=714647" removed from browser.search.param.yahoo-fr
Prefs.js: firefox%40whilokii.net:1.0.0 removed from extensions.enabledAddons
Prefs.js: ffxtlbr%40iminent.com:1.6.0 removed from extensions.enabledAddons
Prefs.js: webbooster%40iminent.com:7.48.1.1 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1 removed from extensions.enabledAddons
Prefs.js: "http://feed.snapdo.c...=25/10/2013&q=" removed from keyword.URL
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\content folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\components folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected] folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\skin folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\minibar\services folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\minibar\lib folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\minibar\content\images\ql folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\minibar\content\images\emoji folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\minibar\content\images\bhp folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\minibar\content\images folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\minibar\content\fx2\on folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\minibar\content\fx2\off folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\minibar\content\fx2 folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\minibar\content folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\minibar\adapters folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\minibar folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\lib folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content\jquery folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\detmy00y.default\extensions\[email protected] folder moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\extensions\[email protected] moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\extensions\[email protected] moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\searchplugins\Web Search.xml moved successfully.
C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\searchplugins\yahoo.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C}\ deleted successfully.
C:\Program Files (x86)\IminentToolbar\1.8.26.8\bh\iminent.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204df522-9a96-4a72-abb0-60f7a216d6d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{204df522-9a96-4a72-abb0-60f7a216d6d2}\ deleted successfully.
C:\Program Files (x86)\Whilokii\WhilokiiBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73ad5d47-66e5-4127-80ca-c0eedabafbcc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ad5d47-66e5-4127-80ca-c0eedabafbcc}\ deleted successfully.
C:\Program Files (x86)\qualitink\qualitinkBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F547BDD-FCD4-48F8-A06F-573D6F404A3C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F547BDD-FCD4-48F8-A06F-573D6F404A3C}\ deleted successfully.
C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.
C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{00078E95-3A4A-4137-8DE7-2824908D1C17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00078E95-3A4A-4137-8DE7-2824908D1C17}\ deleted successfully.
C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1FAFD711-ABF9-4F6A-8130-5166C7371427} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427}\ deleted successfully.
C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminentTlbr.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2 deleted successfully.
C:\Users\paul\AppData\Local\Pokki\Engine\pokki.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll deleted successfully.
c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll deleted successfully.
c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll moved successfully.
========== FILES ==========
C:\Program Files (x86)\qualitink\bin\plugins folder moved successfully.
C:\Program Files (x86)\qualitink\bin folder moved successfully.
C:\Program Files (x86)\qualitink folder moved successfully.
C:\Program Files (x86)\Iminent\tr folder moved successfully.
C:\Program Files (x86)\Iminent\ro folder moved successfully.
C:\Program Files (x86)\Iminent\it folder moved successfully.
C:\Program Files (x86)\Iminent\inst\Bootstrapper folder moved successfully.
C:\Program Files (x86)\Iminent\inst folder moved successfully.
C:\Program Files (x86)\Iminent\fr folder moved successfully.
C:\Program Files (x86)\Iminent\es folder moved successfully.
C:\Program Files (x86)\Iminent\en folder moved successfully.
C:\Program Files (x86)\Iminent\de folder moved successfully.
C:\Program Files (x86)\Iminent folder moved successfully.
C:\Program Files (x86)\Whilokii\update folder moved successfully.
C:\Program Files (x86)\Whilokii\bin\plugins folder moved successfully.
C:\Program Files (x86)\Whilokii\bin folder moved successfully.
C:\Program Files (x86)\Whilokii folder moved successfully.
C:\Program Files (x86)\PC Speed Up folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\sarah_000\Downloads\cmd.bat deleted successfully.
C:\Users\sarah_000\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: paul
->Temp folder emptied: 151674990 bytes
->Temporary Internet Files folder emptied: 89135002 bytes
->FireFox cache emptied: 22953954 bytes
->Google Chrome cache emptied: 62632987 bytes
->Flash cache emptied: 80454 bytes

User: Public

User: Sarah24
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: sarah_000
->Temp folder emptied: 22553584 bytes
->Temporary Internet Files folder emptied: 8773545 bytes
->FireFox cache emptied: 45610694 bytes
->Google Chrome cache emptied: 437794406 bytes
->Flash cache emptied: 824 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23012071 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 18799542506 bytes

Total Files Cleaned = 18,753.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12092013_223826

Files\Folders moved on Reboot...
C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(20131209091007B3C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20131209091007B3C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20131209091010B3C).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by paul on 10/12/2013 at 22:12:53.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] backupstack
Failed to delete: [Service] backupstack
Successfully stopped: [Service] pcsuservice
Failed to delete: [Service] pcsuservice
Failed to stop: [Service] sprotection
Successfully stopped: [Service] update qualitink
Failed to delete: [Service] update qualitink
Successfully stopped: [Service] update whilokii
Failed to delete: [Service] update whilokii



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\browser infrastructure helper
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iminent
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\iminent
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iminentmessenger
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\iminentmessenger
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pcspeedup
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4288717324-1718261907-1307459325-1006\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\searchURL\\Default



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\iminent.webbooster.internetexplorer.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{539F74BF-7E5C-46BD-9D45-35B1A91C9CBD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9448AC19-EB62-46D5-B7DA-B059A7DB466A}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{8B0295E2-967E-439E-9560-807D9F625B57}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{8B0295E2-967E-439E-9560-807D9F625B57}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarlog
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\whilokii
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update whilokii
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\umbrella
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\whilokii
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\escort.escortiepane
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\escort.escortiepane.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\i
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bho
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.downloadargs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.linktopromoteargs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.rawdataargs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.tinyurlargs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.virallinkargs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.clientcallback
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.contractbase
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.addtousercontentcommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.checkloginstatuscommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.cleancachecommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.gameovercallback
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getcreditcommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getinstallationcontextcommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getloginstatuscommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getloginstatusresult
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getvariablecommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getvariableresult
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.installationcontextresult
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loadcontentcommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loadcontentcommandresult
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.logincommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loginstatuschangedcallback
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.logoutcommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.mergeidentitycommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.myaccountcommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.playcontentcommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.postcontentcallback
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.recycleviewscommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.setvariablecommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showbrowserwindowcommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showcontrolcentercommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showpluginwindowcommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.testcontentcommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.usercontentchangedcallback
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.variablechangedcallback
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.warmupcommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.welcomecommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.servercommand
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.serverresult
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.lightcontent
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.lighturi
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.mediatorserviceproxy
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.browserhelperobject
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.browserhelperobject.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.scriptextender
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.scriptextender.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{8B0295E2-967E-439E-9560-807D9F625B57}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{8B0295E2-967E-439E-9560-807D9F625B57}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C5CBB76-7379-4490-AA5B-B037C0A36381}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1clickdownload
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\iminent
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15d2d75c-9cb2-4efd-bad7-b9b4cb4bc693}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1clickdownload
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iminent
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15d2d75c-9cb2-4efd-bad7-b9b4cb4bc693}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iminent_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iminent_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\snapdo_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\snapdo_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatewhilokii_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatewhilokii_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204df522-9a96-4a72-abb0-60f7a216d6d2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{204df522-9a96-4a72-abb0-60f7a216d6d2}



~~~ Files

Failed to delete: [File] "C:\Windows\Tasks\pc speedup service deactivator.job"
Successfully deleted: [File] "C:\Users\paul\appdata\locallow\SkwConfig.bin"



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\bitguard"
Successfully deleted: [Folder] "C:\ProgramData\iminent"
Failed to delete: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\Users\paul\AppData\Roaming\iminent"
Successfully deleted: [Folder] "C:\Users\paul\appdata\local\smartbar"
Successfully deleted: [Folder] "C:\Users\paul\appdata\local\visualbeeclient"
Successfully deleted: [Folder] "C:\Users\paul\appdata\local\visualbeeexe"
Failed to delete: [Folder] "C:\Program Files (x86)\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Failed to delete: [Folder] "C:\Program Files (x86)\torntv 2"
Failed to delete: [Folder] "C:\Program Files (x86)\torntv.com"
Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\umbrella"
Successfully deleted: [Folder] "C:\Users\paul\AppData\Roaming\microsoft\windows\start menu\programs\firstrowsportapp.com"
Successfully deleted: [Folder] "C:\Users\paul\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"
Successfully deleted: [Folder] "C:\Users\paul\AppData\Roaming\microsoft\windows\start menu\programs\torntv.com"
Successfully deleted: [Folder] "C:\Users\paul\documents\pcspeedup"



~~~ FireFox

Successfully deleted: [File] C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\user.js
Successfully deleted: [File] C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\invalidprefs.js
Successfully deleted: [File] C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\extensions\{7093ee04-f2e4-4637-a667-0f730797b3a0}
Successfully deleted the following from C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\prefs.js

user_pref("CT3287810.FF19Solved", "true");
user_pref("CT3287810.UserID", "UN36927867693167527");
user_pref("CT3287810.browser.search.defaultthis.engineName", "");
user_pref("CT3287810.fullUserID", "UN36927867693167527.IN.20131026151744");
user_pref("CT3287810.installDate", "26/10/2013 15:17:53");
user_pref("CT3287810.installSessionId", "{201D3025-1C4E-40D1-A6D5-096D2286B756}");
user_pref("CT3287810.installSp", "FALSE");
user_pref("CT3287810.installerVersion", "1.8.0.14");
user_pref("CT3287810.keyword", "true");
user_pref("CT3287810.originalHomepage", "www.google.com");
user_pref("CT3287810.originalSearchAddressUrl", "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=GB&userid=7f8eb772-fd0f-7281-f91c-2134976d12aa&searchtype=ds&i
user_pref("CT3287810.originalSearchEngine", "");
user_pref("CT3287810.originalSearchEngineName", "");
user_pref("CT3287810.searchRevert", "false");
user_pref("CT3287810.searchUserMode", "1");
user_pref("CT3287810.smartbar.homepage", "true");
user_pref("CT3287810.toolbarInstallDate", "26-10-2013 15:17:46");
user_pref("CT3287810.versionFromInstaller", "10.21.1.7");
user_pref("CT3287810.xpeMode", "0");
user_pref("CT3289075.FF19Solved", "true");
user_pref("CT3289075.UserID", "UN12966739252670816");
user_pref("CT3289075.fullUserID", "UN12966739252670816.IN.20131008215227");
user_pref("CT3289075.installDate", "08/10/2013 21:52:38");
user_pref("CT3289075.installSessionId", "-1");
user_pref("CT3289075.installSp", "FALSE");
user_pref("CT3289075.installerVersion", "1.7.0.9");
user_pref("CT3289075.searchRevert", "FALSE");
user_pref("CT3289075.searchUserMode", "1");
user_pref("CT3289075.versionFromInstaller", "10.20.0.13");
user_pref("CT3289075.xpeMode", "0");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=GB&userid=7f8eb772-fd0f-7281-f91c-2134976d12aa&searchtype=d
user_pref("browser.newtab.url", "hxxp://start.iminent.com/?ref=NewTab&appId=CC061156-6C36-41C2-A2EA-425DE47104D5");
user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=GB&userid=7f8eb772-fd0f-7281-f91c-2134976d12aa&searchtype=hp&installDate
user_pref("extensions.514a07afc7309.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.c
user_pref("extensions.51a0a2b197c9c.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>
user_pref("extensions.Y1kjOwWbL.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};(function(){if(window.self==window.top&&!document.get
user_pref("extensions.iminent.admin", false);
user_pref("extensions.iminent.aflt", "orgnl");
user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
user_pref("extensions.iminent.autoRvrt", "false");
user_pref("extensions.iminent.cntry", "GB");
user_pref("extensions.iminent.dfltLng", "");
user_pref("extensions.iminent.excTlbr", false);
user_pref("extensions.iminent.ffxUnstlRst", false);
user_pref("extensions.iminent.hdrMd5", "7FDD99DCB7F038E01F19E4FA258DF920");
user_pref("extensions.iminent.id", "d4d6d658000000000000083e8e49e7bf");
user_pref("extensions.iminent.instlDay", "16005");
user_pref("extensions.iminent.instlRef", "");
user_pref("extensions.iminent.lastVrsnTs", "1.8.26.88:54:38");
user_pref("extensions.iminent.newTab", false);
user_pref("extensions.iminent.prdct", "iminent");
user_pref("extensions.iminent.prtnrId", "iminent");
user_pref("extensions.iminent.rvrt", "false");
user_pref("extensions.iminent.sg", "none");
user_pref("extensions.iminent.smplGrp", "none");
user_pref("extensions.iminent.tlbrId", "base");
user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
user_pref("extensions.iminent.vrsn", "1.8.26.8");
user_pref("extensions.iminent.vrsnTs", "1.8.26.88:54:38");
user_pref("extensions.iminent.vrsni", "1.8.26.8");
Emptied folder: C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\detmy00y.default\minidumps [5 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\paul\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Successfully deleted: [Folder] C:\Users\paul\appdata\local\Google\Chrome\User Data\Default\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/12/2013 at 22:19:55.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-12-2013 01
Ran by paul at 2013-12-10 22:34:06
Running from C:\Users\paul\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30303)
7 Wonders II (x32 Version: 2.2.0.98)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
Aloha TriPeaks (x32 Version: 2.2.0.98)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
avast! Free Antivirus (x32 Version: 9.0.2008)
Bejeweled 3 (x32 Version: 2.2.0.98)
BitGuard (x32) <==== ATTENTION
Bonjour (Version: 3.0.0.10)
BrowserSafeguard (x32) <==== ATTENTION
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Classic Shell (Version: 3.6.8)
Connected Music powered by Universal Music Group version 1.0 (x32 Version: 1.0)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
Crazy Chicken Soccer (x32 Version: 2.2.0.98)
CyberLink LabelPrint (x32 Version: 2.5.1.5407)
CyberLink Media Suite 10 (x32 Version: 10.0.3.2608)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925)
CyberLink PowerDVD (x32 Version: 10.0.6.4319)
CyberLink YouCam (x32 Version: 3.5.4.5527)
D3DX10 (x32 Version: 15.4.2368.0902)
DMUninstaller (x32)
Energy Star (Version: 1.0.8)
Farm Frenzy (x32 Version: 2.2.0.98)
Final Drive Fury (x32 Version: 2.2.0.95)
FLV Media Player version 1.3 (x32 Version: 1.3)
Google Chrome (x32 Version: 31.0.1650.63)
Google Drive (x32 Version: 1.12.5329.1887)
Google Update Helper (x32 Version: 1.3.22.3)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.2.5.1)
HP Connected Music (Meridian - installer) (x32 Version: v1.0)
HP CoolSense (x32 Version: 2.10.3)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP Games (x32 Version: 1.0.3.0)
HP Postscript Converter (Version: 3.1.3554)
HP Quick Launch (x32 Version: 3.0.6)
HP Recovery Manager (x32 Version: 7.00)
HP Registration Service (Version: 1.0.5976.4186)
HP Software Framework (x32 Version: 4.6.8.1)
HP Support Assistant (x32 Version: 7.0.32.44)
HP Utility Center (x32 Version: 1.0.7)
HP Wireless Button Driver (x32 Version: 1.0.6.1)
IDT Audio (x32 Version: 1.0.6417.0)
Iminent (x32 Version: 6.42.32.0) <==== ATTENTION
Iminent Toolbar on IE and Chrome (x32 Version: 1.8.26.8) <==== ATTENTION
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 9.17.10.2828)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iTunes (Version: 11.1.3.8)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest II (x32 Version: 2.2.0.97)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98)
Mahjongg Artifacts (x32 Version: 2.2.0.110)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1005)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 17.0.2006.0314)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MyPC Backup (Version: ) <==== ATTENTION
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005)
PC Speed Up (Version: 3.2.16.0)
Pokki (HKCU Version: 0.263.13.325)
Polar Bowler (x32 Version: 2.2.0.97)
qualitink 1.0.0 (Version: 1.0.0)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.2.0)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98)
Rapport (x32 Version: 3.5.1304.15)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.29029)
Remote Desktop Connection (x32 Version: 5.1.2600.2180)
Search Protection (HKCU Version: 7.5.0.1) <==== ATTENTION
Search-Gol Chrome Toolbar (x32)
searchgol toolbar (x32 Version: 1.8.16.19)
Snap.Do (x32 Version: 10.242.1.13535)
Snap.Do Engine (HKCU Version: 10.242.1.13535)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.5.3.3)
TornTV (x32 Version: 2.1 Build 26473)
Torntv 2 (x32 Version: 1.29.153.0)
Trinklit Supreme (x32 Version: 2.2.0.98)
Trusteer Endpoint Protection (x32 Version: 3.5.1304.15)
Update for Zip Extractor (HKCU)
Update Installer for WildTangent Games App (x32)
VideoPerformer (x32)
Virtual Families (x32 Version: 2.2.0.98)
VisualBee for Microsoft PowerPoint (HKCU Version: V3.9)
VLC media player 2.0.5 (x32 Version: 2.0.5)
Wedding Dash (x32 Version: 2.2.0.95)
Whilokii 1.0.0 (Version: 1.0.0)
WildTangent Games (x32 Version: 1.0.3.0)
WildTangent Games App (x32 Version: 4.0.9.6)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zip Extractor Packages (HKCU)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points =========================

22-11-2013 20:21:17 Scheduled Checkpoint
27-11-2013 20:54:32 Installed iTunes
05-12-2013 11:26:10 Scheduled Checkpoint
08-12-2013 20:42:05 avast! antivirus system restore point

==================== Hosts content: ==========================

2012-07-26 05:26 - 2013-12-09 22:38 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {02E51E53-C27E-4312-8D3F-6DE0C2B752F5} - \BrowserDefendert No Task File
Task: {072BD596-8DF7-477D-BDB2-6B28085FAD24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {12028FD6-DF48-45C4-BD41-94EA01C896DE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: {2FFC5B48-6ABD-4B24-964F-3C7EF9731F44} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe
Task: {309FD3F6-FCFD-4506-B5D1-16307B5747A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {45DBD42E-9FBC-4AEF-B8FA-FBE3E322AF36} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4B1E9E49-E669-455C-8CD1-ED1A646E8EF3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {58BC9263-4BA1-48DC-8ED6-6DF04D4BE5C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {699F4BE1-4B96-4D82-95C0-D63E1EB18B7B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-08] (AVAST Software)
Task: {715A2A52-DFAD-4577-B016-12CCB7D69D54} - System32\Tasks\EPUpdater => C:\Users\paul\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: {770C9209-5955-4495-B52A-A33344B9BDC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24] (Google Inc.)
Task: {7BB7C286-66ED-4298-8626-013B6D717A3A} - System32\Tasks\PC Performer => C:\Program Files (x86)\PC Performer\PCPerformer.exe
Task: {8D178C7F-E0ED-4BF5-A0A1-3CA34E12DC65} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {A1800F7C-A36F-469D-AEA9-2849A3CA93B8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-11-13] (Microsoft Corporation)
Task: {A339D2E1-FC7E-46DD-9550-DB7BCC555C22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {A36512F1-F5EC-4B9C-8C75-263E78C3C217} - \BrowserProtect No Task File
Task: {BBDAA222-BBC6-4BD2-81B1-B17EF59B9BFC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-26] (Synaptics Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CEF1C311-9099-40F8-A3BC-E917517B67B6} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {D14EB974-BE2D-4257-B511-20D5B8BDCD17} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe [2013-10-06] () <==== ATTENTION
Task: {D9888E0D-D831-4434-87F4-26B3090FAFCF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {DFC1BCB0-BC56-48F0-A063-493E1D1EE1B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24] (Google Inc.)
Task: {EC372002-BC84-463E-8F4F-B2F211BE7A4D} - System32\Tasks\Torntv 2-codedownloader => C:\Program Files (x86)\Torntv 2\Torntv 2-codedownloader.exe [2013-10-27] (installdaddy)
Task: {F6EEFAA1-0439-4016-9DDB-DB45F236D00D} - System32\Tasks\HPCeeScheduleForpaul => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {FEAFEA1F-F474-49A2-9123-1A5D3844FFDA} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForpaul.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe
Task: C:\Windows\Tasks\Torntv 2-codedownloader.job => C:\Program Files (x86)\Torntv 2\Torntv 2-codedownloader.exe

==================== Loaded Modules (whitelisted) =============

2013-06-06 01:02 - 2013-06-06 01:02 - 01741080 _____ () C:\Users\paul\AppData\Local\Pokki\ocdeskband_0.dll
2013-11-13 16:21 - 2013-11-13 16:51 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-08 05:17 - 2012-08-08 05:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-19 11:22 - 2013-11-14 20:05 - 01127152 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2013-12-08 20:46 - 2013-12-08 16:08 - 02152448 _____ () C:\Program Files\AVAST Software\Avast\defs\13120801\algo.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2012-09-17 21:55 - 2012-06-08 03:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-13 16:11 - 2013-11-13 16:41 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-11-13 16:11 - 2013-11-13 16:41 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2013-12-08 20:46 - 2013-12-08 20:46 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-17 21:38 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-12-13 00:12 - 2012-12-13 00:12 - 00111104 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 02286592 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00219648 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00049664 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00051200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 11998720 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 01238016 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00070144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00037376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00157696 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00093696 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00258560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00047616 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00043520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2012-12-13 00:12 - 2012-12-13 00:12 - 00440320 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
2012-12-13 00:12 - 2012-12-13 00:12 - 00724992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00083968 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2012-12-13 00:12 - 2012-12-13 00:12 - 00035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00106496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 01544192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00310784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00051200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00198656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00092160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00073728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00045568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00044544 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00095744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00044032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 01229312 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00040448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00973312 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00085504 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00185856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00038400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 01318912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00051200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 01719296 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00043008 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00372224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00154624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00037376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00386560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00265216 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 01888256 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00310784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00041472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00043008 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00263168 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00040448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00042496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 09263616 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 01398784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00154624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00166400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00046080 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00703488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00052224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00044032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00379392 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00139264 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00050688 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00041984 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00077824 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00042496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00056320 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00044544 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00034816 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00070656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00182272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00068608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00135168 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 01518080 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00034816 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00038400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00035328 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00045568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00033792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
2012-12-13 00:13 - 2012-12-13 00:13 - 00040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2013 08:50:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Sarah)
Description: Activation of application DefaultBrowser_NOPUBLISHERID!Chrome failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/10/2013 06:07:49 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (12/10/2013 05:55:06 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/10/2013 05:48:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Sarah)
Description: Activation of application Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/10/2013 05:48:52 PM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fd0

Start Time: 01cef5cfffc7e152

Termination Time: 4294967295

Application Path: C:\Windows\system32\wwahost.exe

Report Id: 47a20d75-61c3-11e3-bebf-28924a5691b4

Faulting package full name: Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe

Faulting package-relative application ID: Microsoft.Bing

Error: (12/10/2013 05:48:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Sarah)
Description: App Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing did not launch within its allotted time.

Error: (12/09/2013 10:26:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: pokki.exe, version: 0.263.13.325, time stamp: 0x51afdf66
Faulting module name: libPokki.dll, version: 23.0.1271.64, time stamp: 0x51afdeb9
Exception code: 0x80000003
Fault offset: 0x0005e270
Faulting process ID: 0x1f7c
Faulting application start time: 0xpokki.exe0
Faulting application path: pokki.exe1
Faulting module path: pokki.exe2
Report ID: pokki.exe3
Faulting package full name: pokki.exe4
Faulting package-relative application ID: pokki.exe5

Error: (12/09/2013 10:23:26 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/09/2013 09:03:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36422265

Error: (12/09/2013 09:03:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36422265


System errors:
=============
Error: (12/10/2013 05:47:17 PM) (Source: Service Control Manager) (User: )
Description: The Util Whilokii service failed to start due to the following error:
%%2

Error: (12/10/2013 05:47:17 PM) (Source: Service Control Manager) (User: )
Description: The Util qualitink service failed to start due to the following error:
%%2

Error: (12/10/2013 05:47:17 PM) (Source: Service Control Manager) (User: )
Description: The Update Whilokii service failed to start due to the following error:
%%2

Error: (12/10/2013 05:47:17 PM) (Source: Service Control Manager) (User: )
Description: The Update qualitink service failed to start due to the following error:
%%2

Error: (12/10/2013 05:45:06 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (12/10/2013 05:45:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (12/09/2013 10:43:37 PM) (Source: Service Control Manager) (User: )
Description: The PC Speed Up Service service failed to start due to the following error:
%%2

Error: (12/09/2013 10:42:48 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (12/09/2013 10:43:37 PM) (Source: BugCheck) (User: )
Description: 0xc000021a (0xfffff8a00deb31d0, 0xffffffffc0000005, 0x000007f785eb000a, 0x000000dc47e4f080)C:\Windows\MEMORY.DMP120913-38343-01

Error: (12/09/2013 10:43:36 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:09:28 on ‎09/‎12/‎2013 was unexpected.


Microsoft Office Sessions:
=========================
Error: (12/10/2013 08:50:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Sarah)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2144927148

Error: (12/10/2013 06:07:49 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (12/10/2013 05:55:06 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/10/2013 05:48:52 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Sarah)
Description: Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing-2144927142

Error: (12/10/2013 05:48:52 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.16420fd001cef5cfffc7e1524294967295C:\Windows\system32\wwahost.exe47a20d75-61c3-11e3-bebf-28924a5691b4Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbweMicrosoft.Bing

Error: (12/10/2013 05:48:27 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Sarah)
Description: Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing

Error: (12/09/2013 10:26:55 PM) (Source: Application Error)(User: )
Description: pokki.exe0.263.13.32551afdf66libPokki.dll23.0.1271.6451afdeb9800000030005e2701f7c01cef52dbf622e28C:\Users\paul\AppData\Local\Pokki\Engine\pokki.exeC:\Users\paul\AppData\Local\Pokki\Engine\libPokki.dll01ad569d-6121-11e3-bebe-28924a5691b4

Error: (12/09/2013 10:23:26 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/09/2013 09:03:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36422265

Error: (12/09/2013 09:03:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36422265


CodeIntegrity Errors:
===================================
Date: 2013-12-10 22:32:54.231
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-10 22:30:53.935
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-10 22:30:52.020
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-10 22:23:44.822
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-10 22:23:41.176
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-10 22:23:40.711
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-10 22:23:19.233
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-10 22:15:36.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-10 22:12:47.027
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-10 22:10:59.182
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 3988.27 MB
Available physical RAM: 2443.11 MB
Total Pagefile: 8084.27 MB
Available Pagefile: 6656.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:678.57 GB) (Free:448.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.3 GB) (Free:2.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 339D0CD5)

Partition: GPT Partition Type
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2013 01
Ran by paul (administrator) on SARAH on 10-12-2013 22:33:07
Running from C:\Users\paul\Downloads
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(BitTorrent Inc.) C:\Users\paul\AppData\Roaming\uTorrent\uTorrent.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-22] (IDT, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [uTorrent] - C:\Users\paul\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-22] (BitTorrent Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\55e9baf9-745b-4f82-969e-a6a46b01753d.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-08] (AVAST Software)
HKU\Sarah24\...\Run: [Pokki] - C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
HKU\sarah_000\...\Run: [uTorrent] - C:\Users\sarah_000\AppData\Roaming\uTorrent\uTorrent.exe [904272 2013-11-15] (BitTorrent Inc.)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [ ] ()
Startup: C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Sarah24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT13/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKLM - {A8FBBD84-5331-42A3-B73E-01280FA29F33} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - DefaultScope {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\detmy00y.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\StartWeb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\StartWeb.xml
FF Extension: Iminent Toolbar - C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\detmy00y.default\Extensions\[email protected]
FF Extension: gophoto - C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\detmy00y.default\Extensions\[email protected]
FF Extension: j7yoa - C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\detmy00y.default\Extensions\[email protected]
FF HKLM\...\Firefox\Extensions: [{DEDAF650-12B8-48f5-A843-BBA100716106}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://start.iminent.com/?appId=CC061156-6C36-41C2-A2EA-425DE47104D5
CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=CC061156-6C36-41C2-A2EA-425DE47104D5"
CHR DefaultSearchKeyword: start.iminent.com
CHR DefaultSearchProvider: StartWeb
CHR DefaultSearchURL: http://start.iminent...q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaenoodoabpfbmpcidlgdmjnghapjchg\10.14.370.24_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaenoodoabpfbmpcidlgdmjnghapjchg\10.14.370.24_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaenoodoabpfbmpcidlgdmjnghapjchg\10.14.370.24_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (Google Docs) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Iminent) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0
CHR Extension: (Google Wallet) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (GoPhoto.it) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.6_0
CHR Extension: (Gmail) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Iminent Chrome Toolbar) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_1
CHR HKLM-x32\...\Chrome\Extension: [aipfmkinhleccnodemkoofnnofpbbpac] - C:\Users\paul\AppData\Roaming\BabSolution\CR\searchgol.crx
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx
CHR HKLM-x32\...\Chrome\Extension: [dlmdlmoekcipeicfbnohedgkglmbhcla] - C:\Program Files (x86)\Whilokii\dlmdlmoekcipeicfbnohedgkglmbhcla.crx
CHR HKLM-x32\...\Chrome\Extension: [gflandjopdloblmlcoiidmncpinmmacn] - C:\Users\paul\AppData\Roaming\zulagames\zulagames.crx
CHR HKLM-x32\...\Chrome\Extension: [ljkcijnbckdflhifmbnfnkjacokloacf] - C:\Program Files (x86)\qualitink\ljkcijnbckdflhifmbnfnkjacokloacf.crx
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit16.crx
CHR HKLM-x32\...\Chrome\Extension: [pkhojieggfgllhllcegoffdcnmdeojgb] - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminent.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-08] (AVAST Software)
R2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-25] (Trusteer Ltd.)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2894144 2013-11-15] (Iminent)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [x]
S2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [x]
S2 Update qualitink; "C:\Program Files (x86)\qualitink\updatequalitink.exe" [x]
S2 Update Whilokii; "C:\Program Files (x86)\Whilokii\updateWhilokii.exe" [x]
S2 Util qualitink; "C:\Program Files (x86)\qualitink\bin\utilqualitink.exe" [x]
S2 Util Whilokii; "C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-08] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-11-14] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-25] (Trusteer Ltd.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [275056 2013-10-25] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-25] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-25] (Trusteer Ltd.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-26] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 22:33 - 2013-12-10 22:33 - 00022749 _____ C:\Users\paul\Downloads\FRST.txt
2013-12-10 22:32 - 2013-12-10 22:32 - 00001120 _____ C:\Users\paul\Desktop\FRST64 - Shortcut.lnk
2013-12-10 22:31 - 2013-12-10 22:31 - 00000000 ____D C:\FRST
2013-12-10 22:28 - 2013-12-10 22:28 - 01928212 _____ (Farbar) C:\Users\paul\Downloads\FRST64.exe
2013-12-10 22:26 - 2013-12-10 22:26 - 00000578 _____ C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Control Panel - Shortcut (3).lnk
2013-12-10 22:20 - 2013-12-10 22:20 - 00025611 _____ C:\Users\paul\Desktop\JRT1012.txt
2013-12-10 22:19 - 2013-12-10 22:19 - 00025611 _____ C:\Users\paul\Desktop\JRT.txt
2013-12-10 22:04 - 2013-12-10 22:04 - 01034531 _____ (Thisisu) C:\Users\paul\Downloads\JRT.exe
2013-12-10 22:02 - 2013-12-10 22:02 - 00031300 _____ C:\Users\paul\Desktop\otl1012.txt
2013-12-10 20:59 - 2013-12-10 21:07 - 00000000 ____D C:\Users\paul\Downloads\Revenge S03E09 HDTV x264-LOL[ettv]
2013-12-09 22:43 - 2013-12-09 22:43 - 00284616 _____ C:\Windows\Minidump\120913-38343-01.dmp
2013-12-09 22:41 - 2013-12-10 17:46 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-12-09 22:27 - 2013-12-09 22:27 - 00000000 ____D C:\Users\paul\AppData\Roaming\AVAST Software
2013-12-09 09:12 - 2013-12-09 09:12 - 00000000 ____D C:\Users\sarah_000\AppData\Roaming\AVAST Software
2013-12-09 09:09 - 2013-12-09 09:09 - 00284560 _____ C:\Windows\Minidump\120913-63703-01.dmp
2013-12-08 09:17 - 2013-12-08 09:19 - 00000000 ____D C:\Users\paul\Downloads\Shield.HQ.x264.ac3-Season.1-MCH
2013-12-02 22:48 - 2013-12-09 09:09 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForpaul.job
2013-12-02 22:48 - 2013-12-06 22:47 - 00003152 _____ C:\Windows\System32\Tasks\HPCeeScheduleForpaul
2013-12-02 21:58 - 2013-12-02 22:17 - 00000000 ____D C:\Users\paul\Downloads\Breaking Bad S05E05 Dead Freight HDTV x264-FQM[ettv]
2013-12-02 17:48 - 2013-12-02 19:00 - 00000000 ____D C:\Users\paul\Downloads\Breaking Bad S05E03 Hazard Pay HDTV x264-FQM[ettv]
2013-12-01 08:08 - 2013-12-01 08:08 - 00000000 ____D C:\Users\sarah_000\AppData\Roaming\WebApp
2013-11-30 13:57 - 2013-11-30 19:15 - 00000000 ____D C:\Users\paul\Downloads\Breaking.Bad.Season.4
2013-11-28 19:12 - 2013-11-28 19:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-28 19:10 - 2013-11-28 19:10 - 00000000 ____D C:\Users\sarah_000\AppData\Local\Apple Computer
2013-11-28 18:49 - 2013-11-28 19:13 - 00000000 ____D C:\Users\sarah_000\AppData\Roaming\Apple Computer
2013-11-27 21:01 - 2013-11-27 21:01 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-27 21:01 - 2013-11-27 21:01 - 00000000 ____D C:\Users\paul\AppData\Roaming\Apple Computer
2013-11-27 21:01 - 2013-11-27 21:01 - 00000000 ____D C:\Users\paul\AppData\Local\Apple Computer
2013-11-27 21:01 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-11-27 20:59 - 2013-11-27 21:00 - 00000000 ____D C:\Program Files\iTunes
2013-11-27 20:59 - 2013-11-27 21:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-27 20:59 - 2013-11-27 20:59 - 00000000 ____D C:\ProgramData\Apple Computer
2013-11-27 20:59 - 2013-11-27 20:59 - 00000000 ____D C:\Program Files\iPod
2013-11-27 20:54 - 2013-11-27 20:54 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-11-27 20:54 - 2013-11-27 20:54 - 00000000 ____D C:\Users\paul\AppData\Local\Apple
2013-11-27 20:53 - 2013-11-27 20:53 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-11-27 20:52 - 2013-11-27 20:52 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-27 20:50 - 2013-11-27 20:51 - 100400976 _____ (Apple Inc.) C:\Users\paul\Downloads\iTunes64Setup.exe
2013-11-27 20:48 - 2013-11-27 21:17 - 00000000 ____D C:\Users\paul\Downloads\VA - Anjunabeats Worldwide 3 (Mixed By Arty & Daniel Kandi) (2011)
2013-11-22 20:41 - 2013-11-22 20:41 - 00000000 ____D C:\Users\paul\Downloads\Inception (2010)
2013-11-21 21:10 - 2013-11-21 21:10 - 00000000 ____D C:\Users\sarah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-20 17:11 - 2013-11-20 17:11 - 00002396 _____ C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-11-20 17:11 - 2013-11-20 17:11 - 00002334 _____ C:\Users\paul\Desktop\Search.lnk
2013-11-20 17:08 - 2013-11-20 17:08 - 00001164 _____ C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-11-20 17:02 - 2013-11-20 17:02 - 00436744 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-16 18:24 - 2013-11-16 19:46 - 1254655868 _____ C:\Users\sarah_000\Downloads\[ www.UsaBit.com ] - Where the Heart Is 2000 720p WEBRip x264-PLAYNOW.mp4
2013-11-16 18:08 - 2013-11-16 18:16 - 00000000 ____D C:\Users\sarah_000\Downloads\10 Years LIMITED BDRip XviD-SAPHiRE
2013-11-16 17:57 - 2013-11-16 18:02 - 00000000 ____D C:\Users\sarah_000\Downloads\Beastly.2011.DVDRip.XviD.AC3-BeFRee
2013-11-16 17:32 - 2013-11-16 17:35 - 00000000 ____D C:\Users\sarah_000\Downloads\The Notebook (2004)
2013-11-16 17:30 - 2013-11-16 17:49 - 00000000 ____D C:\Users\sarah_000\Downloads\The Internship (2013)
2013-11-16 07:51 - 2013-11-16 07:51 - 00000000 ____D C:\Users\paul\AppData\Local\avgchrome
2013-11-16 07:37 - 2013-11-05 22:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-16 07:37 - 2013-11-05 22:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-16 07:34 - 2013-11-16 07:34 - 00284616 _____ C:\Windows\Minidump\111613-47531-01.dmp
2013-11-14 18:59 - 2013-08-23 07:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-14 18:59 - 2013-08-23 01:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-14 18:57 - 2013-10-01 23:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 18:57 - 2013-10-01 23:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 16:54 - 2013-10-10 11:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-14 16:54 - 2013-10-10 09:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 16:54 - 2013-10-10 09:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-14 16:53 - 2013-09-14 01:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-14 16:53 - 2013-09-13 22:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-14 16:53 - 2013-09-13 22:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-14 16:53 - 2013-09-13 22:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-14 16:53 - 2013-09-13 22:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-14 16:53 - 2013-09-13 22:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-14 16:53 - 2013-09-13 22:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-14 16:53 - 2013-09-13 22:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-14 16:53 - 2013-09-13 22:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-14 16:53 - 2013-09-13 22:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-14 16:53 - 2013-09-13 22:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-14 16:53 - 2013-09-13 22:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-14 16:53 - 2013-09-13 22:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-14 16:53 - 2013-09-13 22:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-14 16:53 - 2013-09-13 22:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-14 16:53 - 2013-08-30 05:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-14 16:53 - 2013-08-30 05:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-14 16:53 - 2013-08-29 23:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-14 16:53 - 2013-08-21 06:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-14 16:53 - 2013-08-10 06:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-14 16:53 - 2013-08-10 05:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-14 16:53 - 2013-08-10 03:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-14 16:53 - 2013-07-24 23:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-14 16:53 - 2013-07-24 23:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-14 16:53 - 2013-07-12 01:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-14 16:53 - 2013-07-12 01:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-14 16:52 - 2013-10-12 08:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 16:52 - 2013-10-12 08:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 16:52 - 2013-10-12 08:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 16:52 - 2013-10-12 08:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 16:52 - 2013-10-12 08:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 16:52 - 2013-10-12 08:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 16:52 - 2013-10-12 07:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 16:52 - 2013-10-12 07:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 16:52 - 2013-10-12 07:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 16:52 - 2013-10-12 07:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 16:52 - 2013-10-12 07:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 16:52 - 2013-10-02 23:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 16:52 - 2013-10-01 23:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 16:52 - 2013-10-01 23:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 16:52 - 2013-10-01 22:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 16:52 - 2013-09-04 03:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 16:51 - 2013-10-12 08:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 16:51 - 2013-10-12 08:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 16:51 - 2013-10-12 08:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 16:51 - 2013-10-12 07:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 16:51 - 2013-10-12 07:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 16:51 - 2013-10-12 07:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 16:51 - 2013-09-23 22:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 16:51 - 2013-09-23 22:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 18:59 - 2013-11-13 18:59 - 00000000 ____D C:\Users\paul\AppData\Roaming\dvdcss

==================== One Month Modified Files and Folders =======

2013-12-10 22:33 - 2013-12-10 22:33 - 00022749 _____ C:\Users\paul\Downloads\FRST.txt
2013-12-10 22:33 - 2013-03-18 22:36 - 00000000 ____D C:\Users\paul\AppData\Roaming\uTorrent
2013-12-10 22:32 - 2013-12-10 22:32 - 00001120 _____ C:\Users\paul\Desktop\FRST64 - Shortcut.lnk
2013-12-10 22:31 - 2013-12-10 22:31 - 00000000 ____D C:\FRST
2013-12-10 22:28 - 2013-12-10 22:28 - 01928212 _____ (Farbar) C:\Users\paul\Downloads\FRST64.exe
2013-12-10 22:26 - 2013-12-10 22:26 - 00000578 _____ C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Control Panel - Shortcut (3).lnk
2013-12-10 22:21 - 2013-03-16 17:18 - 01298704 _____ C:\Windows\WindowsUpdate.log
2013-12-10 22:20 - 2013-12-10 22:20 - 00025611 _____ C:\Users\paul\Desktop\JRT1012.txt
2013-12-10 22:20 - 2013-03-17 06:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-10 22:19 - 2013-12-10 22:19 - 00025611 _____ C:\Users\paul\Desktop\JRT.txt
2013-12-10 22:10 - 2013-03-24 08:38 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-10 22:04 - 2013-12-10 22:04 - 01034531 _____ (Thisisu) C:\Users\paul\Downloads\JRT.exe
2013-12-10 22:02 - 2013-12-10 22:02 - 00031300 _____ C:\Users\paul\Desktop\otl1012.txt
2013-12-10 22:00 - 2013-04-03 21:13 - 00000000 ____D C:\Users\paul\AppData\Roaming\vlc
2013-12-10 22:00 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-10 21:19 - 2013-10-26 14:17 - 00000350 _____ C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2013-12-10 21:07 - 2013-12-10 20:59 - 00000000 ____D C:\Users\paul\Downloads\Revenge S03E09 HDTV x264-LOL[ettv]
2013-12-10 20:53 - 2013-10-27 07:09 - 00001170 _____ C:\Windows\Tasks\Torntv 2-codedownloader.job
2013-12-10 18:20 - 2013-03-17 06:13 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 17:55 - 2013-03-18 22:08 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4288717324-1718261907-1307459325-1006
2013-12-10 17:52 - 2012-07-26 07:28 - 00941114 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-10 17:47 - 2013-03-24 08:38 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-10 17:46 - 2013-12-09 22:41 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-12-09 22:43 - 2013-12-09 22:43 - 00284616 _____ C:\Windows\Minidump\120913-38343-01.dmp
2013-12-09 22:43 - 2013-04-18 10:03 - 00000000 ____D C:\Windows\Minidump
2013-12-09 22:43 - 2012-07-26 07:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-09 22:42 - 2013-04-10 18:18 - 522494607 _____ C:\Windows\MEMORY.DMP
2013-12-09 22:42 - 2012-07-26 05:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-12-09 22:27 - 2013-12-09 22:27 - 00000000 ____D C:\Users\paul\AppData\Roaming\AVAST Software
2013-12-09 22:26 - 2013-08-23 17:10 - 00000000 ____D C:\Users\sarah_000\AppData\Roaming\uTorrent
2013-12-09 22:20 - 2013-07-31 19:19 - 00000000 ____D C:\Users\sarah_000\AppData\Roaming\vlc
2013-12-09 10:03 - 2013-07-09 18:47 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4288717324-1718261907-1307459325-1007
2013-12-09 09:12 - 2013-12-09 09:12 - 00000000 ____D C:\Users\sarah_000\AppData\Roaming\AVAST Software
2013-12-09 09:09 - 2013-12-09 09:09 - 00284560 _____ C:\Windows\Minidump\120913-63703-01.dmp
2013-12-09 09:09 - 2013-12-02 22:48 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForpaul.job
2013-12-09 09:08 - 2013-10-03 20:24 - 00000000 ____D C:\ProgramData\BitGuard
2013-12-09 09:08 - 2012-08-03 22:23 - 01696818 _____ C:\Windows\PFRO.log
2013-12-08 20:47 - 2013-04-18 08:35 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-08 20:46 - 2013-04-18 08:35 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-08 20:46 - 2013-04-18 08:35 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-08 20:46 - 2013-04-18 08:35 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-08 20:46 - 2013-04-18 08:35 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-08 20:46 - 2013-04-18 08:35 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-08 20:46 - 2013-04-18 08:35 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-08 20:46 - 2013-04-18 08:35 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-08 20:46 - 2013-04-18 08:35 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-08 20:46 - 2013-04-18 08:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-08 20:42 - 2013-04-18 08:31 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-08 20:40 - 2013-04-18 08:35 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-12-08 20:02 - 2013-09-20 21:40 - 00162954 _____ C:\Users\sarah_000\Downloads\OTL.Txt
2013-12-08 16:22 - 2013-03-24 19:45 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-08 16:22 - 2013-03-24 19:44 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-08 11:24 - 2013-10-06 10:24 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard
2013-12-08 09:19 - 2013-12-08 09:17 - 00000000 ____D C:\Users\paul\Downloads\Shield.HQ.x264.ac3-Season.1-MCH
2013-12-07 11:12 - 2013-03-24 08:38 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-06 22:47 - 2013-12-02 22:48 - 00003152 _____ C:\Windows\System32\Tasks\HPCeeScheduleForpaul
2013-12-06 22:47 - 2013-03-18 21:59 - 00000000 ____D C:\Users\paul
2013-12-06 22:15 - 2013-09-29 13:27 - 00047104 ___SH C:\Users\paul\Desktop\Thumbs.db
2013-12-02 22:17 - 2013-12-02 21:58 - 00000000 ____D C:\Users\paul\Downloads\Breaking Bad S05E05 Dead Freight HDTV x264-FQM[ettv]
2013-12-02 19:00 - 2013-12-02 17:48 - 00000000 ____D C:\Users\paul\Downloads\Breaking Bad S05E03 Hazard Pay HDTV x264-FQM[ettv]
2013-12-01 22:00 - 2013-04-09 21:27 - 00023040 ___SH C:\Users\paul\Downloads\Thumbs.db
2013-12-01 13:05 - 2013-03-24 08:38 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-01 13:05 - 2013-03-24 08:38 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-01 08:08 - 2013-12-01 08:08 - 00000000 ____D C:\Users\sarah_000\AppData\Roaming\WebApp
2013-11-30 19:15 - 2013-11-30 13:57 - 00000000 ____D C:\Users\paul\Downloads\Breaking.Bad.Season.4
2013-11-30 17:47 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-28 19:13 - 2013-11-28 18:49 - 00000000 ____D C:\Users\sarah_000\AppData\Roaming\Apple Computer
2013-11-28 19:12 - 2013-11-28 19:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-28 19:10 - 2013-11-28 19:10 - 00000000 ____D C:\Users\sarah_000\AppData\Local\Apple Computer
2013-11-28 16:28 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-27 21:17 - 2013-11-27 20:48 - 00000000 ____D C:\Users\paul\Downloads\VA - Anjunabeats Worldwide 3 (Mixed By Arty & Daniel Kandi) (2011)
2013-11-27 21:01 - 2013-11-27 21:01 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-27 21:01 - 2013-11-27 21:01 - 00000000 ____D C:\Users\paul\AppData\Roaming\Apple Computer
2013-11-27 21:01 - 2013-11-27 21:01 - 00000000 ____D C:\Users\paul\AppData\Local\Apple Computer
2013-11-27 21:00 - 2013-11-27 20:59 - 00000000 ____D C:\Program Files\iTunes
2013-11-27 21:00 - 2013-11-27 20:59 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-27 20:59 - 2013-11-27 20:59 - 00000000 ____D C:\ProgramData\Apple Computer
2013-11-27 20:59 - 2013-11-27 20:59 - 00000000 ____D C:\Program Files\iPod
2013-11-27 20:54 - 2013-11-27 20:54 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-11-27 20:54 - 2013-11-27 20:54 - 00000000 ____D C:\Users\paul\AppData\Local\Apple
2013-11-27 20:53 - 2013-11-27 20:53 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-11-27 20:53 - 2012-09-17 21:41 - 00000000 ____D C:\ProgramData\Apple
2013-11-27 20:52 - 2013-11-27 20:52 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-27 20:51 - 2013-11-27 20:50 - 100400976 _____ (Apple Inc.) C:\Users\paul\Downloads\iTunes64Setup.exe
2013-11-27 20:39 - 2012-07-26 07:21 - 00044347 _____ C:\Windows\setupact.log
2013-11-22 20:41 - 2013-11-22 20:41 - 00000000 ____D C:\Users\paul\Downloads\Inception (2010)
2013-11-21 21:10 - 2013-11-21 21:10 - 00000000 ____D C:\Users\sarah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-20 21:07 - 2013-07-09 18:38 - 00000000 ____D C:\Users\sarah_000
2013-11-20 17:11 - 2013-11-20 17:11 - 00002396 _____ C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-11-20 17:11 - 2013-11-20 17:11 - 00002334 _____ C:\Users\paul\Desktop\Search.lnk
2013-11-20 17:08 - 2013-11-20 17:08 - 00001164 _____ C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-11-20 17:02 - 2013-11-20 17:02 - 00436744 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-20 17:02 - 2013-03-16 21:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-20 16:45 - 2012-07-26 08:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-19 04:26 - 2013-10-01 06:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 19:46 - 2013-11-16 18:24 - 1254655868 _____ C:\Users\sarah_000\Downloads\[ www.UsaBit.com ] - Where the Heart Is 2000 720p WEBRip x264-PLAYNOW.mp4
2013-11-16 18:16 - 2013-11-16 18:08 - 00000000 ____D C:\Users\sarah_000\Downloads\10 Years LIMITED BDRip XviD-SAPHiRE
2013-11-16 18:02 - 2013-11-16 17:57 - 00000000 ____D C:\Users\sarah_000\Downloads\Beastly.2011.DVDRip.XviD.AC3-BeFRee
2013-11-16 17:49 - 2013-11-16 17:30 - 00000000 ____D C:\Users\sarah_000\Downloads\The Internship (2013)
2013-11-16 17:35 - 2013-11-16 17:32 - 00000000 ____D C:\Users\sarah_000\Downloads\The Notebook (2004)
2013-11-16 11:28 - 2013-07-16 05:44 - 00000000 ____D C:\Windows\system32\MRT
2013-11-16 11:25 - 2013-03-19 11:39 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-16 10:18 - 2013-03-27 13:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-16 07:51 - 2013-11-16 07:51 - 00000000 ____D C:\Users\paul\AppData\Local\avgchrome
2013-11-16 07:39 - 2013-07-10 11:10 - 00000000 ____D C:\Users\paul\AppData\Local\Pokki
2013-11-16 07:34 - 2013-11-16 07:34 - 00284616 _____ C:\Windows\Minidump\111613-47531-01.dmp
2013-11-16 07:31 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\WinStore
2013-11-16 07:31 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-11-16 07:31 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\system32\en-GB
2013-11-13 18:59 - 2013-11-13 18:59 - 00000000 ____D C:\Users\paul\AppData\Roaming\dvdcss

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-08 10:56

==================== End Of Log ============================

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello peejaygee1,

Please uninstall the following if they are there:

BitGuard
BrowserSafeguard
Iminent
Iminent Toolbar on IE and Chrome
MyPC Backup
Search Protection


Next

Reset your Chrome browser.

Go to the link below for instructions on how to reset Google Chrome browser settings:

https://support.goog...r/3296214?hl=en

After that

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

#5
peejaygee1

    Member

  • Topic Starter
  • Member
  • 27 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-12-2013 02
Ran by paul at 2013-12-12 20:24:06 Run:1
Running from C:\Users\paul\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
C:\Program Files (x86)\Iminent\Iminent.exe
C:\Program Files (x86)\Iminent
FF Extension: Iminent Toolbar - C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\detmy00y.default\Extensions\[email protected]
R2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
C:\Windows\System32\Tasks\BitGuard
C:\Users\sarah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
C:\ProgramData\BitGuard
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2894144 2013-11-15] (Iminent)
C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
C:\Program Files (x86)\Common Files\Umbrella
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [x]
C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
C:\Program Files (x86)\MyPC Backup
Task: {8D178C7F-E0ED-4BF5-A0A1-3CA34E12DC65} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {D14EB974-BE2D-4257-B511-20D5B8BDCD17} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe [2013-10-06] () <==== ATTENTION
C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
C:\Program Files (x86)\Browsersafeguard


*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Iminent => Value not found.
"C:\Program Files (x86)\Iminent\Iminent.exe" => File/Directory not found.
"C:\Program Files (x86)\Iminent" => File/Directory not found.
C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\detmy00y.default\Extensions\[email protected] => Moved successfully.
BitGuard => Service not found.
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe => Moved successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
"C:\Windows\System32\Tasks\BitGuard" => File/Directory not found.
"C:\Users\sarah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard" => File/Directory not found.
C:\ProgramData\BitGuard => Moved successfully.
"C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" => File/Directory not found.
"C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll" => File/Directory not found.
SProtection => Service deleted successfully.
C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe => Moved successfully.
C:\Program Files (x86)\Common Files\Umbrella => Moved successfully.
BackupStack => Service deleted successfully.
C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D178C7F-E0ED-4BF5-A0A1-3CA34E12DC65} => Key not found.
C:\Windows\System32\Tasks\BitGuard not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D14EB974-BE2D-4257-B511-20D5B8BDCD17} => Key not found.
C:\Windows\System32\Tasks\BrowserSafeguard Update Task not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key not found.
C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe => Moved successfully.
C:\Program Files (x86)\Browsersafeguard => Moved successfully.


The system needs a manual reboot.

==== End of Fixlog ====

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello peejaygee1,

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods. This is normal; just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
peejaygee1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
ComboFix 13-12-13.01 - paul 16/12/2013 9:07.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.3988.1965 [GMT 0:00]
Running from: c:\users\paul\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PCSUService
.
.
((((((((((((((((((((((((( Files Created from 2013-11-16 to 2013-12-16 )))))))))))))))))))))))))))))))
.
.
2013-12-16 09:22 . 2013-12-16 09:47 -------- d-----w- c:\users\paul\AppData\Local\temp
2013-12-16 09:22 . 2013-12-16 09:22 -------- d-----w- c:\users\Sarah24\AppData\Local\temp
2013-12-16 09:22 . 2013-12-16 09:22 -------- d-----w- c:\users\sarah_000\AppData\Local\temp
2013-12-16 09:22 . 2013-12-16 09:22 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-12-16 09:22 . 2013-12-16 09:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-14 08:09 . 2013-11-01 01:45 23350272 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-14 08:09 . 2013-11-01 01:16 22615040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-12 20:04 . 2013-12-12 20:04 254128 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10227.bin
2013-12-11 21:45 . 2013-10-25 04:43 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-12-11 21:45 . 2013-10-25 06:19 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-12-11 21:45 . 2013-10-25 06:17 365568 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-12-11 21:45 . 2013-10-25 06:19 484352 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2013-12-11 21:45 . 2013-10-25 06:19 915968 ----a-w- c:\windows\system32\uxtheme.dll
2013-12-11 21:45 . 2013-10-25 04:45 469504 ----a-w- c:\program files (x86)\Internet Explorer\ieinstal.exe
2013-12-11 21:45 . 2013-10-25 04:43 245248 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2013-12-11 21:43 . 2013-10-10 09:32 115712 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-11 21:43 . 2013-10-10 09:30 156160 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-11 21:43 . 2013-10-10 09:24 143872 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 21:43 . 2013-10-10 09:23 146944 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 21:43 . 2013-10-10 09:22 222720 ----a-w- c:\windows\system32\scrobj.dll
2013-12-11 21:43 . 2013-10-10 09:22 194048 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 21:43 . 2013-10-10 09:30 162304 ----a-w- c:\windows\SysWow64\scrobj.dll
2013-12-11 21:43 . 2013-11-23 06:43 420864 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 21:43 . 2013-11-23 05:05 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-11 21:43 . 2013-11-06 23:18 4036608 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 21:43 . 2013-09-28 03:35 288768 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 21:43 . 2013-11-01 05:38 312320 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 21:43 . 2013-11-01 03:49 273408 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-10 22:31 . 2013-12-12 20:24 -------- d-----w- C:\FRST
2013-12-09 22:27 . 2013-12-09 22:27 -------- d-----w- c:\users\paul\AppData\Roaming\AVAST Software
2013-12-09 09:12 . 2013-12-09 09:12 -------- d-----w- c:\users\sarah_000\AppData\Roaming\AVAST Software
2013-12-01 08:08 . 2013-12-01 08:08 -------- d-----w- c:\users\sarah_000\AppData\Roaming\WebApp
2013-11-28 19:12 . 2013-11-28 19:12 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-28 19:10 . 2013-11-28 19:10 -------- d-----w- c:\users\sarah_000\AppData\Local\Apple Computer
2013-11-28 18:49 . 2013-11-28 19:13 -------- d-----w- c:\users\sarah_000\AppData\Roaming\Apple Computer
2013-11-27 21:01 . 2013-11-27 21:01 -------- d-----w- c:\users\paul\AppData\Roaming\Apple Computer
2013-11-27 21:01 . 2013-11-27 21:01 -------- d-----w- c:\users\paul\AppData\Local\Apple Computer
2013-11-27 21:01 . 2012-08-21 13:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-11-27 20:59 . 2013-11-27 20:59 -------- d-----w- c:\program files\iPod
2013-11-27 20:59 . 2013-11-27 21:00 -------- d-----w- c:\program files\iTunes
2013-11-27 20:59 . 2013-11-27 21:00 -------- d-----w- c:\program files (x86)\iTunes
2013-11-27 20:59 . 2013-11-27 20:59 -------- d-----w- c:\programdata\Apple Computer
2013-11-27 20:54 . 2013-11-27 20:54 -------- d-----w- c:\users\paul\AppData\Local\Apple
2013-11-27 20:53 . 2013-11-27 20:53 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-11-27 20:52 . 2013-11-27 20:52 -------- d-----w- c:\program files\Common Files\Apple
2013-11-27 20:52 . 2013-11-27 20:59 -------- d-----w- c:\program files (x86)\Common Files\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 22:10 . 2013-03-19 11:39 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-08 20:46 . 2013-04-18 08:35 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-08 20:46 . 2013-04-18 08:35 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-08 20:46 . 2013-04-18 08:35 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-08 20:46 . 2013-04-18 08:35 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-08 20:46 . 2013-04-18 08:35 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-12-08 20:46 . 2013-04-18 08:35 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-08 20:46 . 2013-04-18 08:35 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-08 20:46 . 2013-04-18 08:35 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-08 20:46 . 2013-04-18 08:33 43152 ----a-w- c:\windows\avastSS.scr
2013-12-04 00:53 . 2013-11-16 07:37 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53 . 2013-11-16 07:37 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-02 19:00 . 2013-07-19 11:22 273528 ----a-w- c:\windows\system32\drivers\RapportHades64.sys
2013-12-02 19:00 . 2013-07-19 11:22 316248 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2013-11-19 20:52 . 2013-03-17 06:11 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-11-13 16:48 . 2013-03-27 14:53 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-10-10 11:53 . 2013-11-14 16:54 96600 ----a-w- c:\windows\system32\drivers\wfplwfs.sys
2013-10-10 09:21 . 2013-11-14 16:54 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-10 09:20 . 2013-11-14 16:54 723968 ----a-w- c:\windows\system32\BFE.DLL
2013-10-02 23:25 . 2013-11-14 16:52 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-10-01 23:37 . 2013-11-14 16:52 1569280 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-01 23:37 . 2013-11-14 18:57 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-01 23:26 . 2013-11-14 16:52 1890816 ----a-w- c:\windows\system32\crypt32.dll
2013-10-01 23:26 . 2013-11-14 18:57 2304512 ----a-w- c:\windows\system32\authui.dll
2013-10-01 22:22 . 2013-11-14 16:52 1022976 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-23 22:30 . 2013-11-14 16:51 419328 ----a-w- c:\windows\system32\schannel.dll
2013-09-23 22:30 . 2013-11-14 16:51 323072 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-27 16:25 222808 ----a-w- c:\users\paul\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-27 16:25 222808 ----a-w- c:\users\paul\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-27 16:25 222808 ----a-w- c:\users\paul\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 09:49 594432 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\paul\AppData\Roaming\uTorrent\uTorrent.exe" [2013-11-22 900440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-07 581024]
"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\55e9baf9-745b-4f82-969e-a6a46b01753d.exe" [2013-11-23 180184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-08 3568312]
.
c:\users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2013-11-13 194224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 Update qualitink;Update qualitink;c:\program files (x86)\qualitink\updatequalitink.exe;c:\program files (x86)\qualitink\updatequalitink.exe [x]
R2 Update Whilokii;Update Whilokii;c:\program files (x86)\Whilokii\updateWhilokii.exe;c:\program files (x86)\Whilokii\updateWhilokii.exe [x]
R2 Util qualitink;Util qualitink;c:\program files (x86)\qualitink\bin\utilqualitink.exe;c:\program files (x86)\qualitink\bin\utilqualitink.exe [x]
R2 Util Whilokii;Util Whilokii;c:\program files (x86)\Whilokii\bin\utilWhilokii.exe;c:\program files (x86)\Whilokii\bin\utilWhilokii.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNe64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwNe64.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 RapportHades64;RapportHades64;c:\windows\System32\Drivers\RapportHades64.sys;c:\windows\SYSNATIVE\Drivers\RapportHades64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-07 11:11 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-17 18:20]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 08:38]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 08:38]
.
2013-12-16 c:\windows\Tasks\HPCeeScheduleForpaul.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2013-12-16 c:\windows\Tasks\Torntv 2-codedownloader.job
- c:\program files (x86)\Torntv 2\Torntv 2-codedownloader.exe [2013-10-27 08:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-27 16:25 261704 ----a-w- c:\users\paul\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-27 16:25 261704 ----a-w- c:\users\paul\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-27 16:25 261704 ----a-w- c:\users\paul\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-13 16:51 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-13 16:51 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-13 16:51 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-08 20:46 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 15:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 15:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 15:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 15:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 15:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 15:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 09:50 724992 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-08 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-08 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-08 440640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-22 1425408]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\detmy00y.default\
FF - prefs.js: browser.search.defaulturl -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-IminentMessenger - c:\program files (x86)\Iminent\Iminent.Messengers.exe
BHO-{31ad400d-1b06-4e33-a59a-90c2c140cba0} - (no file)
AddRemove-DMUninstaller - c:\program files\Uninstaller\Uninstall.exe
AddRemove-PlusWinks - c:\program files (x86)\Cool Smiley Bar for Facebook\uninst.exe
AddRemove-Search-Gol Chrome Toolbar - c:\users\paul\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
AddRemove-zulagames - c:\program files (x86)\Zula Games\uninst.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-DigitalSite - c:\users\paul\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe
AddRemove-VisualBee for Microsoft PowerPoint - c:\users\paul\AppData\Local\VisualBeeExe\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Classic Shell\ClassicShellService.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2013-12-16 09:53:54 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-16 09:53
.
Pre-Run: 505,827,885,056 bytes free
Post-Run: 505,556,647,936 bytes free
.
- - End Of File - - 0E3D9498672E3241BE36CDF44097600C

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello peejaygee1,

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
Update qualitink
Update Whilokii
Util qualitink
Util Whilokii

File::
c:\program files (x86)\qualitink\updatequalitink.exe
c:\program files (x86)\Whilokii\updateWhilokii.exe
c:\program files (x86)\qualitink\bin\utilqualitink.exe
c:\program files (x86)\Whilokii\bin\utilWhilokii.exe

Folder::
c:\program files (x86)\qualitink
c:\program files (x86)\Whilokii

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

#9
peejaygee1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
ComboFix 13-12-18.01 - paul 19/12/2013 12:16:47.2.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.3988.2670 [GMT 0:00]
Running from: c:\users\paul\Downloads\ComboFix.exe
Command switches used :: c:\users\paul\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\program files (x86)\qualitink\bin\utilqualitink.exe"
"c:\program files (x86)\qualitink\updatequalitink.exe"
"c:\program files (x86)\Whilokii\bin\utilWhilokii.exe"
"c:\program files (x86)\Whilokii\updateWhilokii.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\sarah_000\AppData\Roaming\24x7 Help
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\24x7_UploaderDark01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\24x7bubble_Left.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\24x7bubble_Right.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\24x7bubble_X00.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\24x7bubble_X01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\24x7bubble_X02.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\24x7Dark_NoTabs_Back00.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\24x7Dark_NoTabs_PhoneIcon.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsActive.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsBack.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsHover.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\24x7logoNew_dark01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\24x7man_dark01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\ArrowSmall.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\ArrowSmallHot.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\bubble.xml
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\Hardware_Icon.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\HotInactiveTabLeft.bmp
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\HotInactiveTabRight.bmp
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\MainImg_SettingsDark01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\Navigation_HomeIcon00_Dark01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\Navigation_HomeIcon01_Dark01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\Navigation_SettingsIcon00_Dark01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\Navigation_SettingsIcon01_Dark01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\OK_IconGreen01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\PeriodicSystemCheckBubble.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\Phones_Icon.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\PushedInactiveTabLeft.bmp
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\PushedInactiveTabRight.bmp
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\Security_Icon.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\skin.xml
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\Software_Icon.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\SupportCheck01_arrow00.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\SupportCheck01_arrow01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\Warning_Icon01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\Warning_IconOrange01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\Warning_IconRed01.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\WhiteTabLeft.png
c:\users\sarah_000\AppData\Roaming\24x7 Help\skin\WhiteTabRight.png
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Update qualitink
-------\Service_Update Whilokii
-------\Service_Util qualitink
-------\Service_Util Whilokii
.
.
((((((((((((((((((((((((( Files Created from 2013-11-19 to 2013-12-19 )))))))))))))))))))))))))))))))
.
.
2013-12-19 12:29 . 2013-12-19 12:29 -------- d-----w- c:\users\Sarah24\AppData\Local\temp
2013-12-19 12:29 . 2013-12-19 12:29 -------- d-----w- c:\users\sarah_000\AppData\Local\temp
2013-12-19 12:29 . 2013-12-19 12:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-12-19 12:29 . 2013-12-19 12:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-17 18:24 . 2013-12-17 18:24 -------- d-----w- c:\programdata\BrowserProtect
2013-12-17 18:24 . 2013-12-17 18:24 -------- d-----w- c:\programdata\BitGuard
2013-12-17 18:24 . 2013-12-17 18:24 -------- d-----w- c:\programdata\Browser Manager
2013-12-17 17:46 . 2013-12-17 17:52 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-12-17 17:44 . 2013-12-19 12:32 -------- d-----w- c:\programdata\TorchCrashHandler
2013-12-17 17:43 . 2013-12-17 17:44 -------- d-----w- c:\users\paul\AppData\Local\Torch
2013-12-17 17:38 . 2013-12-17 17:38 -------- d-----w- c:\programdata\Wincert
2013-12-17 17:37 . 2013-12-17 17:37 -------- d-----w- c:\program files (x86)\Movies Toolbar
2013-12-17 17:37 . 2013-12-19 12:32 -------- d-----w- c:\programdata\Datamngr
2013-12-17 17:07 . 2013-12-17 17:06 312744 ----a-w- c:\windows\system32\javaws.exe
2013-12-17 17:07 . 2013-12-17 17:06 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-12-17 17:07 . 2013-12-17 17:06 189352 ----a-w- c:\windows\system32\javaw.exe
2013-12-17 17:07 . 2013-12-17 17:06 189352 ----a-w- c:\windows\system32\java.exe
2013-12-17 17:05 . 2013-12-17 17:06 -------- d-----w- c:\program files\Java
2013-12-16 09:53 . 2013-12-19 12:29 -------- d-----w- c:\users\paul\AppData\Local\temp
2013-12-14 08:09 . 2013-11-01 01:45 23350272 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-14 08:09 . 2013-11-01 01:16 22615040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-11 21:45 . 2013-10-25 04:43 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-12-11 21:45 . 2013-10-25 06:19 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-12-11 21:45 . 2013-10-25 06:17 365568 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-12-11 21:45 . 2013-10-25 06:19 484352 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2013-12-11 21:45 . 2013-10-25 06:19 915968 ----a-w- c:\windows\system32\uxtheme.dll
2013-12-11 21:45 . 2013-10-25 04:45 469504 ----a-w- c:\program files (x86)\Internet Explorer\ieinstal.exe
2013-12-11 21:45 . 2013-10-25 04:43 245248 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2013-12-11 21:43 . 2013-10-10 09:32 115712 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-11 21:43 . 2013-10-10 09:30 156160 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-11 21:43 . 2013-10-10 09:24 143872 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 21:43 . 2013-10-10 09:23 146944 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 21:43 . 2013-10-10 09:22 222720 ----a-w- c:\windows\system32\scrobj.dll
2013-12-11 21:43 . 2013-10-10 09:22 194048 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 21:43 . 2013-10-10 09:30 162304 ----a-w- c:\windows\SysWow64\scrobj.dll
2013-12-11 21:43 . 2013-11-23 06:43 420864 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 21:43 . 2013-11-23 05:05 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-11 21:43 . 2013-11-06 23:18 4036608 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 21:43 . 2013-09-28 03:35 288768 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 21:43 . 2013-11-01 05:38 312320 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 21:43 . 2013-11-01 03:49 273408 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-10 22:31 . 2013-12-12 20:24 -------- d-----w- C:\FRST
2013-12-09 22:27 . 2013-12-09 22:27 -------- d-----w- c:\users\paul\AppData\Roaming\AVAST Software
2013-12-09 09:12 . 2013-12-09 09:12 -------- d-----w- c:\users\sarah_000\AppData\Roaming\AVAST Software
2013-12-01 08:08 . 2013-12-01 08:08 -------- d-----w- c:\users\sarah_000\AppData\Roaming\WebApp
2013-11-28 19:12 . 2013-11-28 19:12 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-28 19:10 . 2013-11-28 19:10 -------- d-----w- c:\users\sarah_000\AppData\Local\Apple Computer
2013-11-28 18:49 . 2013-11-28 19:13 -------- d-----w- c:\users\sarah_000\AppData\Roaming\Apple Computer
2013-11-27 21:01 . 2013-11-27 21:01 -------- d-----w- c:\users\paul\AppData\Roaming\Apple Computer
2013-11-27 21:01 . 2013-11-27 21:01 -------- d-----w- c:\users\paul\AppData\Local\Apple Computer
2013-11-27 21:01 . 2012-08-21 13:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-11-27 20:59 . 2013-11-27 20:59 -------- d-----w- c:\program files\iPod
2013-11-27 20:59 . 2013-11-27 21:00 -------- d-----w- c:\program files\iTunes
2013-11-27 20:59 . 2013-11-27 21:00 -------- d-----w- c:\program files (x86)\iTunes
2013-11-27 20:59 . 2013-11-27 20:59 -------- d-----w- c:\programdata\Apple Computer
2013-11-27 20:54 . 2013-11-27 20:54 -------- d-----w- c:\users\paul\AppData\Local\Apple
2013-11-27 20:53 . 2013-11-27 20:53 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-11-27 20:52 . 2013-11-27 20:52 -------- d-----w- c:\program files\Common Files\Apple
2013-11-27 20:52 . 2013-11-27 20:59 -------- d-----w- c:\program files (x86)\Common Files\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 22:10 . 2013-03-19 11:39 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-12 20:04 . 2013-12-12 20:04 254128 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10227.bin
2013-12-08 20:46 . 2013-04-18 08:35 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-08 20:46 . 2013-04-18 08:35 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-08 20:46 . 2013-04-18 08:35 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-08 20:46 . 2013-04-18 08:35 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-08 20:46 . 2013-04-18 08:35 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-12-08 20:46 . 2013-04-18 08:35 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-08 20:46 . 2013-04-18 08:35 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-08 20:46 . 2013-04-18 08:35 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-08 20:46 . 2013-04-18 08:33 43152 ----a-w- c:\windows\avastSS.scr
2013-12-04 00:53 . 2013-11-16 07:37 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53 . 2013-11-16 07:37 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-02 19:00 . 2013-07-19 11:22 273528 ----a-w- c:\windows\system32\drivers\RapportHades64.sys
2013-12-02 19:00 . 2013-07-19 11:22 316248 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2013-11-19 20:52 . 2013-03-17 06:11 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-11-13 16:48 . 2013-03-27 14:53 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-10-10 11:53 . 2013-11-14 16:54 96600 ----a-w- c:\windows\system32\drivers\wfplwfs.sys
2013-10-10 09:21 . 2013-11-14 16:54 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-10 09:20 . 2013-11-14 16:54 723968 ----a-w- c:\windows\system32\BFE.DLL
2013-10-02 23:25 . 2013-11-14 16:52 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-10-01 23:37 . 2013-11-14 16:52 1569280 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-01 23:37 . 2013-11-14 18:57 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-01 23:26 . 2013-11-14 16:52 1890816 ----a-w- c:\windows\system32\crypt32.dll
2013-10-01 23:26 . 2013-11-14 18:57 2304512 ----a-w- c:\windows\system32\authui.dll
2013-10-01 22:22 . 2013-11-14 16:52 1022976 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-23 22:30 . 2013-11-14 16:51 419328 ----a-w- c:\windows\system32\schannel.dll
2013-09-23 22:30 . 2013-11-14 16:51 323072 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}]
2013-08-20 05:55 92560 ----a-w- c:\progra~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3d86a75b-cb6b-4764-885d-ca6336f04ba2}"= "c:\progra~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll" [2013-08-20 92560]
.
[HKEY_CLASSES_ROOT\clsid\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-27 16:25 222808 ----a-w- c:\users\paul\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-27 16:25 222808 ----a-w- c:\users\paul\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-27 16:25 222808 ----a-w- c:\users\paul\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 09:49 594432 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\paul\AppData\Roaming\uTorrent\uTorrent.exe" [2013-11-22 900440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-07 581024]
"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\55e9baf9-745b-4f82-969e-a6a46b01753d.exe" [2013-11-23 180184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-08 3568312]
.
c:\users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2013-11-13 194224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNe64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwNe64.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 RapportHades64;RapportHades64;c:\windows\System32\Drivers\RapportHades64.sys;c:\windows\SYSNATIVE\Drivers\RapportHades64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DatamngrCoordinator;Datamngr Coordinator;c:\program files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe;c:\program files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 TorchCrashHandler;Torch Crash Handler;c:\users\paul\AppData\Local\Torch\Update\TorchCrashHandler.exe;c:\users\paul\AppData\Local\Torch\Update\TorchCrashHandler.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-07 11:11 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-17 18:20]
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 08:38]
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 08:38]
.
2013-12-19 c:\windows\Tasks\HPCeeScheduleForpaul.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-27 16:25 261704 ----a-w- c:\users\paul\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-27 16:25 261704 ----a-w- c:\users\paul\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-27 16:25 261704 ----a-w- c:\users\paul\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-13 16:51 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-13 16:51 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-13 16:51 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-08 20:46 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 15:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 15:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 15:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 15:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 15:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 15:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 09:50 724992 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-08 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-08 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-08 440640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-22 1425408]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-679&v=n10666-199&t=4
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\detmy00y.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=679&systemid=406&v=n10666-199&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5548443230124678&o=APN10645&q=
FF - ExtSQL: 2013-12-17 17:38; {3d86a75b-cb6b-4764-885d-ca6336f04ba2}; c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\detmy00y.default\extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-iLivid - c:\users\paul\AppData\Local\iLivid\iLivid.exe
BHO-{31ad400d-1b06-4e33-a59a-90c2c140cba0} - (no file)
Toolbar-10 - (no file)
AddRemove-DMUninstaller - c:\program files\Uninstaller\Uninstall.exe
AddRemove-PlusWinks - c:\program files (x86)\Cool Smiley Bar for Facebook\uninst.exe
AddRemove-zulagames - c:\program files (x86)\Zula Games\uninst.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Classic Shell\ClassicShellService.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Completion time: 2013-12-19 12:41:09 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-19 12:41
ComboFix2.txt 2013-12-16 09:53
.
Pre-Run: 502,204,203,008 bytes free
Post-Run: 502,169,534,464 bytes free
.
- - End Of File - - 93D5B164E9325BA067489CB38B118E4B

#10
emeraldnzl

Hello again peejaygee1,

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your computer is now.


#11
emeraldnzl

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





